DDoS protection, Displaying SYN cookie information – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide
53-1003250-01
Displaying SYN Cookie Information
The show server syn-cookie command displays information about the SYN ACKs that are sent and
received.
Syntax: show server syn-cookie
DDoS protection
A Distributed Denial of Service (DDoS) attack causes a denial of service to legitimate
users by consuming all or most of the CPU and memory resources on a Brocade Virtual ADX or on
real servers. The Brocade Virtual ADX protects against well-known DDoS attacks
such as Xmas-tree, SYN fragment, address sweep, and others. It does so through
filters defined for each type of attack, each coupled with a drop or log action.
These filters are then bound to an interface. All packets that match the filter on the bound interface
are dropped or logged as defined in the configuration. Filters can be defined according to a generic
rule as shown in
on page 86 or applied from built-in rules as
described in
,
. Filters are applied to IPv4 and IPv6 traffic
where appropriate.
The following sections describe how to configure a security filter, define rules within a security filter
and bind a security filter to an interface.
• “Configuring a security filter”
•
• “Configuring a rule for common attack types”
TABLE 8 Output Descriptions for show server syn-cookie

| Field | Description |
|---|---|
| CPU SYNs rcvd | |
| CPU SYN-ACKs sent | |
| CPU Valid ACKs rcvd | |
| Invalid ACKs rcvd | Number of invalid ACKs received from the client. |
| ACL passed | Number of ACL lookups that the Brocade Virtual ADX passed. |
| ACL failed | Number of ACL lookups that the Brocade Virtual ADX denied. |
| Frags allowed | Number of fragmented packets allowed. |
| Frags dropped | Number of fragmented packets dropped. |
| ACK without data dro | |
| Invalid vport | |

Virtual ADX#show server syn-cookie
CPU SYNs processed : 0
CPU SYN-ACKs sent : 0
CPU Valid ACKs rcvd : 0
Invalid ACKs rcvd : 0
ACL passed : 0 ACL failed : 0
Frags allowed : 0 Frags dropped : 0
ACK without data dro : 0
Invalid vport : 0
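
The following is an added example, not part of the Brocade guide: a Python sketch that parses the show server syn-cookie output shown above and compares two snapshots to flag an interval in which few SYN-ACKs were answered by a valid ACK. The counter values in the sample, the two thresholds, and the reading of the counters (cumulative; "CPU SYN-ACKs sent" as cookie SYN-ACKs, "CPU Valid ACKs rcvd" as completed handshakes) are assumptions.

```python
import re

# Constructed sample in the layout of `show server syn-cookie`;
# the counter values are invented for illustration.
SAMPLE = """Virtual ADX#show server syn-cookie
CPU SYNs processed : 48210
CPU SYN-ACKs sent : 48210
CPU Valid ACKs rcvd : 1930
Invalid ACKs rcvd : 112
ACL passed : 0 ACL failed : 0
Frags allowed : 0 Frags dropped :
7
ACK without data dro : 0
Invalid vport : 0
"""

# One counter is "<label> : <integer>". A line may carry two counters, and
# a value may wrap onto the next line, so match over the whole text.
COUNTER = re.compile(r"([A-Za-z][A-Za-z \-]*?)\s*:\s*(\d+)")
SENT, VALID = "CPU SYN-ACKs sent", "CPU Valid ACKs rcvd"


def parse_syn_cookie(text):
    """Return {label: int} for every counter in the command output."""
    return {label.strip(): int(value) for label, value in COUNTER.findall(text)}


def handshake_health(cur, prev=None, min_syn_acks=1000, min_completion=0.2):
    """Compare two snapshots and return (completion_ratio, alert).

    Assumptions (not from the manual): counters are cumulative, SENT counts
    SYN-cookie SYN-ACKs, VALID counts ACKs that completed a handshake, and
    the two thresholds are placeholders to tune per site.
    """
    prev = prev or {}
    sent = cur.get(SENT, 0) - prev.get(SENT, 0)
    valid = cur.get(VALID, 0) - prev.get(VALID, 0)
    if sent <= 0:  # idle interval or counters cleared: nothing to judge
        return None, False
    ratio = valid / sent
    return ratio, sent >= min_syn_acks and ratio < min_completion


if __name__ == "__main__":
    counters = parse_syn_cookie(SAMPLE)
    print(counters)
    print(handshake_health(counters))
```
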